Exploitdb Exploits
31,346 exploits tracked across all sources.
Alqatari Q R Script 1.0 - SQL Injection via lesson.php id Parameter
SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
AlefMentor 2.0 and 2.2 - SQL Injection via cont_id and courc_id Parameters
Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 and 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) cont_id and (2) courc_id parameters in a pregled action. NOTE: some of these details are obtained from third party information.
by Red-D3v1L
SiSplet CMS 2008-01-24 - Multiple Remote File Inclusions
by cr4wl3r
MarieCMS 0.9 - Local File Inclusion / Remote File Inclusion / Cross-Site Scripting
by Amol Naik
Chipmunk NewsLetter - Persistent Cross-Site Scripting
by mr_me
Advanced Image Hosting Script 2.x - 'search.php' Cross-Site Scripting
by aBo MoHaMeD
Barracuda IMFirewall 620 - Multiple Vulnerabilities
by Global-Evolution
Elkagroup Image Gallery - SQL Injection
SQL injection vulnerability in elkagroup Image Gallery allows remote attackers to execute arbitrary SQL commands via the id parameter to the default URI under news/.
by SadHaCkEr
AROUNDMe 1.1 - Remote Code Execution via Language Path Parameter
PHP remote file inclusion vulnerability in components/core/connect.php in AROUNDMe 1.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the language_path parameter.
by cr4wl3r
TANDBERG F8.2 / F8.0 / F7.2 / F6.3 - Remote Denial of Service
by otokoyama
WordPress Plugin Image Manager - Arbitrary File Upload
by DigitALL
PhpShop 0.8.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by Andrea Fabrizi
WordPress Plugin Yoast Google Analytics 3.2.4 - 404 Error Page Cross-Site Scripting
by intern0t
YABSoft Advanced Image Hosting Script 2.2 - Cross-Site Scripting via search.php text parameter
Cross-site scripting (XSS) vulnerability in search.php in YABSoft Advanced Image Hosting (AIH) Script 2.2, and possibly 2.3, allows remote attackers to inject arbitrary web script or HTML via the text parameter.
by R3VAN_BASTARD
Joomla! Component yt_color YOOOtheme - Cross-Site Scripting / Cookie Stealing
by andresg888
Joomla! Component You!Hostit! 1.0.1 Template - Cross-Site Scripting
by andresg888
Joomla! Component YOOtheme Warp5 - 'yt_color' Cross-Site Scripting
by andresg888
Invision Power Board 2.3.6/3.0.4 - Local File Inclusion / SQL Injection
by Dawid Golunski
PTCPay GeN3 forum 1.3 - SQL Injection
SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by Dr.0rYX & Cr3W-DZ
Clixint Technologies DPI - Cross-Site Scripting
by anonymous
By Source